Security

security-violation error

vineeth10
New Member

Hello,

is there anyway i can genrate alert and send mail from splunk .
for eg:- if there is an security-violation error on a particular switch like err-disable state if someone tried to connect a switch or router on a access port.

or

if a stack one of the switch went down splunk should send me an alert via email to my network team.

is it possible ?

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, it is possible. If you can search for it, you can alert on it. Once you've produced a search that finds the event(s) of interest, schedule it to run at some interval - every 15 minutes, for example. Then choose an alert trigger. I've found if number of events is equal to 0 works best for my searches. Mark the Send email box and fill in the addresses to which to send the alert.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...